Hi,

I was asking because up until now I recall a single syslog-ng user who told me that he saves all log messages. On the other hand, I keep receiving (marketing) e-mails saying that no logs should be discarded and everything should be saved. And sometimes I receive the same feedback from the Big Data world: we have enough disk space, why do any filtering? So I'd be interested to learn from real-world experiences whether filtering is really old-fashioned, or whether there is any situation (compliance requirement, endless storage, etc.) in which you really save all log messages.

Bye,


On Thu, Apr 28, 2016 at 11:11 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Thu, Apr 28, 2016 at 11:06:07AM +0200, Czanik, Péter wrote:
> One of the major strengths of syslog-ng is message filtering, which
> facilitates message routing and discarding useless log messages. OTOH I
> often read that we now have all the technologies and storage to keep all
> logs. What do you think?

I would go further: we now have the means to add relevant metadata to all the events,
which in turn allows us to do targeted archiving.

